CVE-2026-43864

Affected product: mutt. Vulnerability: show_sig_summary NULL pointer dereference in mutt before 2.3.2. Root cause: NULL pointer dereference in show_sig_summary. Impact: low (CVSS: LOW, LOCAL, user interaction required). References indicate a fix in the project history (commit linked). Remediation...

Apache HTTP Server 代码问题漏洞

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. Versions of Apache HTTP Server 2.4.66 and earlier have code vulnerabilities due to a null point...

Apache HTTP Server 代码问题漏洞

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. Versions of Apache HTTP Server 2.4.66 and earlier have code vulnerabilities related to null...

PT-2026-37137

Name of the Vulnerable Software and Affected Versions Incus versions prior to 7.0.0 Description Missing error handling in the TransferManager.UploadAllFiles function allows an authenticated user to cause a daemon crash. The issue occurs during the import of a truncated or corrupted storage bucket...

PT-2026-37101

Name of the Vulnerable Software and Affected Versions Incus versions prior to 7.0.0 Description Missing validation logic in the storage bucket import process allows an authenticated user with access to the storage bucket feature to cause the Incus daemon to crash. The issue occurs in the backup...

CentOS 9 : krb5-1.21.1-10.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the krb5-1.21.1-10.el9 build changelog. - In MIT Kerberos 5 aka krb5 before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls...

KLA91019 Multiple vulnerabilities in Apache HTTP Server

Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, bypass security restrictions, execute arbitrary code, inject malicious code, gain privileges. Below is a complete list of...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/sched: flower: fix filter idr initialization The referenced commit moved the idr initialization too early in flchange, which allows concurrent users to access the filter that is still being initialized and is in an inconsiste...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: crypto: octeontx2 – removed the CONFIGDMCRYPT check. No issues were found when using the driver with dm-crypt enabled. Therefore, the CONFIGDMCRYPT check in the driver can be removed. This also fixes the NULL pointer dereference...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5e: Track xmit submissions to PTP WQ after populating the metadata map. Ensure that the skb is available in the metadata mapping to skbs before tracking the metadata index to detect undelivered CQEs. If the metadata ind...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fixed a NULL pointer dereferencing issue in gfs2rgrpdump. Syzkaller reported a NULL pointer dereferencing issue when accessing rgd-rdrgl in gfs2rgrpdump. This can occur when creating rgd-rdgl fails in readrindexentry. A NUL...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: mt76: mt7996: fixed null pointer dereference in mt7996conftx If a link does not have an assigned channel yet, mt7996viflink returns NULL. We still need to store the updated queue settings in that case and apply them later...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: reset: uniphier-glue: Fix possible null-ptr-deref It will cause null-ptr-deref when resourcesizeres invoked, if platformgetresource returns NULL...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: HID: betop: Check the shape of output reports The betopffinit function only checks that the total sum of the report counts for each report field is at least 4. However, hidbetopffplay expects 4 report fields. A device that sends ...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: igc: Restored the IGCREMOVED logic and implemented it correctly. The initially merged version of the igc driver code via commit 146740f9abc4, “igc: Add support for PF” contained the following IGCREMOVED checks in the...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/i915/gvt: fixed the issue where vGPU debugfs was cleaned up during the remove operation. Check carefully whether the root debugfs is available when destroying the vGPU. For example, in the remove operation, the DRM minor’s...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: dlink: handle copythresh allocation failure The driver did not handle the failure of netdevallocskbip-align. If the allocation fails, dereferencing skb-protocol could lead to a NULL pointer dereference. This patch attempts t...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: Signal: Allocate SSVE storage when restoring ZA The code used to restore a ZA context does not attempt to allocate the task’s svestate before setting TIFSME. As a result, restoring a ZA context may place the task in...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: In libceph, the error from monhandleauthdone should be returned. Currently, any error from cephauthhandlereplydone is propagated via finishauth, but it is not returned from monhandleauthdone. This results in higher layers...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Platform/x86: hp-bioscfg: Fixed kernel panic in the GETINSTANCEID macro. The GETINSTANCEID macro caused a kernel panic when accessing sysfs attributes: 1. Off-by-one error: The loop condition used name without checking whether...